Hello All,
Today I came across a strange problem.
I wrote a program to test LDAP SSL/TLS connections with the OpenLDAP
library. Something like the following code snippet:
(...)
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &cert_flag);
... // bind to the server
The first binding is successful, as expected. However, the second
binding is also successful, which is contrary to my expectation,
because I didn't create any cert file yet.

Possibly the answer lies in the code you did not show:
Create an LDAP* (with which url/host?), connect, bind, unbind.

Another observation here is that if the first binding with
LDAP_OPT_X_TLS_NEVER is removed, and the second binding with
LDAP_OPT_X_TLS_DEMAND set is done right from the beginning, then it
will fail, as expected.

Do you use the same LDAP* connection for both "bindings"?
Its options are set when it is initialized.
Try to unbind and then create a new LDAP*.
--
Hallvard